Query Details

Alert Provider Counts

Query

//Simple query to show the provider where your alerts are coming from most

SecurityIncident
| summarize count() by ProviderName

Explanation

This query counts the records in the SecurityIncident table for each ProviderName and summarizes the results, so you can see which provider accounts for most of your alerts.

Details

Rod Trent

Released: July 14, 2021

Tables

SecurityIncident

Keywords

SecurityIncident,ProviderName

Operators

| where count() > 10 | order by count() desc | project ProviderNamecount()
